diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:22:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:22:06 +0000 |
commit | 741c1ef7a4f2ac316ad6e557ddbe03023413478d (patch) | |
tree | 38890f681daa26c57e865b4feca10d0ca53e1046 /tests/chage | |
parent | Initial commit. (diff) | |
download | shadow-741c1ef7a4f2ac316ad6e557ddbe03023413478d.tar.xz shadow-741c1ef7a4f2ac316ad6e557ddbe03023413478d.zip |
Adding upstream version 1:4.5.upstream/1%4.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
326 files changed, 15128 insertions, 0 deletions
diff --git a/tests/chage/01/data/chage1 b/tests/chage/01/data/chage1 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/01/data/chage1 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/01/data/chage2 b/tests/chage/01/data/chage2 new file mode 100644 index 0000000..7efdc0c --- /dev/null +++ b/tests/chage/01/data/chage2 @@ -0,0 +1,7 @@ +Last password change : Jul 28, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 1 +Maximum number of days between password change : 99996 +Number of days of warning before password expires : 5 diff --git a/tests/chage/01/data/chage3 b/tests/chage/01/data/chage3 new file mode 100644 index 0000000..a263db9 --- /dev/null +++ b/tests/chage/01/data/chage3 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : Jan 01, 1970 +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/01/data/chage4 b/tests/chage/01/data/chage4 new file mode 100644 index 0000000..11e2f2d --- /dev/null +++ b/tests/chage/01/data/chage4 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : Jan 02, 1970 +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/01/data/chage5 b/tests/chage/01/data/chage5 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/01/data/chage5 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/01/data/chage6 b/tests/chage/01/data/chage6 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/01/data/chage6 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/01/data/chage7 b/tests/chage/01/data/chage7 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/01/data/chage7 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/01/data/chage7b b/tests/chage/01/data/chage7b new file mode 100644 index 0000000..0cea901 --- /dev/null +++ b/tests/chage/01/data/chage7b @@ -0,0 +1,7 @@ +Last password change : Jul 26, 2005 +Password expires : Aug 09, 2005 +Password inactive : Sep 13, 2005 +Account expires : Jul 27, 2012 +Minimum number of days between password change : 13 +Maximum number of days between password change : 14 +Number of days of warning before password expires : 9 diff --git a/tests/chage/01/data/chage8 b/tests/chage/01/data/chage8 new file mode 100644 index 0000000..25151a2 --- /dev/null +++ b/tests/chage/01/data/chage8 @@ -0,0 +1 @@ +chage: user 'myuser8' does not exist in /etc/passwd diff --git a/tests/chage/01/data/group b/tests/chage/01/data/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/01/data/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/01/data/gshadow b/tests/chage/01/data/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/01/data/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/01/data/passwd b/tests/chage/01/data/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/01/data/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/01/data/shadow b/tests/chage/01/data/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/01/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/01/data/usage b/tests/chage/01/data/usage new file mode 100644 index 0000000..31df15c --- /dev/null +++ b/tests/chage/01/data/usage @@ -0,0 +1,16 @@ +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/01/run b/tests/chage/01/run new file mode 100755 index 0000000..df64325 --- /dev/null +++ b/tests/chage/01/run @@ -0,0 +1,206 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +# Rational: +# Test chage options + +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +save() +{ + [ ! -d tmp ] && mkdir tmp + for i in passwd group shadow gshadow + do + [ -f /etc/$i ] && cp /etc/$i tmp/$i + [ -f /etc/$i- ] && cp /etc/$i- tmp/$i- + done + + true +} + +restore() +{ + for i in passwd group shadow gshadow + do + [ -f tmp/$i ] && cp tmp/$i /etc/$i && rm tmp/$i + [ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i- + done + rm -f tmp/out + rmdir tmp +} + +save + +# restore the files on exit +trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0 + +for i in passwd group shadow gshadow +do + cp data/$i /etc +done + +echo -n "testing option -l" +chage -l myuser1 > tmp/out +diff -au data/chage1 tmp/out +echo -n . +chage -l myuser2 > tmp/out +diff -au data/chage2 tmp/out +echo -n . +chage -l myuser3 > tmp/out +diff -au data/chage3 tmp/out +echo -n . +chage -l myuser4 > tmp/out +diff -au data/chage4 tmp/out +echo -n . +chage -l myuser5 > tmp/out +diff -au data/chage5 tmp/out +echo -n . +chage -l myuser6 > tmp/out +diff -au data/chage6 tmp/out +echo -n . +chage --list myuser7 > tmp/out +diff -au data/chage7 tmp/out +echo -n . +msg=$(chage -l myuser8 2> tmp/out) || err=$? +[ "$err" = "1" ] && [ "$msg" = "" ] || exit 1 +diff -au data/chage8 tmp/out +echo . + +echo "testing option -d" +chage -d 2001-10-02 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:11597:0:99999:7:1::' ] || exit 1 +echo "testing option -d -1" +chage -d -1 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:1::' ] || exit 1 +echo "testing option -d 0" +chage -d 0 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:99999:7:1::' ] || exit 1 +echo "testing option --lastday" +chage --lastday 2011-11-02 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1::' ] || exit 1 + +echo "testing option -E" +chage -E 2010-10-02 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:14884:' ] || exit 1 +echo "testing option -E -1" +chage -E -1 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1::' ] || exit 1 +echo "testing option -E 0" +chage -E 0 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:0:' ] || exit 1 +echo "testing option --expiredate" +chage --expiredate 2020-02-02 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:18294:' ] || exit 1 + +echo "testing option -I" +# NOTE: I could pass a date to -I +chage -I 42 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:42:18294:' ] || exit 1 +echo "testing option -I -1" +# NOTE: this behavior is not documented +chage -I -1 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7::18294:' ] || exit 1 +echo "testing option -I 0" +# NOTE: We should check that this is the expected behavior +chage -I 0 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:0:18294:' ] || exit 1 +echo "testing option --inactive" +chage --inactive 12 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:12:18294:' ] || exit 1 + +echo "testing option -m" +chage -m 24 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:24:99999:7:12:18294:' ] || exit 1 +echo "testing option -m -1" +# NOTE: this behavior is not documented +chage -m -1 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280::99999:7:12:18294:' ] || exit 1 +echo "testing option -m 0" +chage -m 0 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:12:18294:' ] || exit 1 +echo "testing option --mindays" +chage --min 1 myuser7 +# NOTE: that shouldn't have work +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:99999:7:12:18294:' ] || exit 1 + +echo "testing option -M" +chage -M 25 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:25:7:12:18294:' ] || exit 1 +echo "testing option -M -1" +# NOTE: this behavior is not documented +chage -M -1 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1::7:12:18294:' ] || exit 1 +echo "testing option -M 0" +chage -M 0 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:0:7:12:18294:' ] || exit 1 +echo "testing option --maxdays" +chage --max 2 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:7:12:18294:' ] || exit 1 + +echo "testing option -W" +chage -W 26 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:26:12:18294:' ] || exit 1 +echo "testing option -W -1" +# NOTE: this behavior is not documented +chage -W -1 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2::12:18294:' ] || exit 1 +echo "testing option -W 0" +chage -W 0 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:0:12:18294:' ] || exit 1 +echo "testing option --warndays" +chage --warndays 3 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:3:12:18294:' ] || exit 1 + +echo "testing with all options" +chage -d 2030-03-02 -E 1979-11-24 -I 10 -m 11 -M 12 --warndays 4 myuser7 +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:21975:11:12:4:10:3614:' ] || exit 1 + +echo "interractive test" +./run1.exp +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:' ] || exit 1 + +echo "interractive test (default)" +./run2.exp +ent=$(getent shadow myuser7) +[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:' ] || exit 1 +chage -l myuser7 > tmp/out +diff -au data/chage7b tmp/out + +echo "usage" +chage -h > tmp/out || { + if [ "$?" != "2" ]; then false; fi +} +diff -au data/usage tmp/out + +echo "OK" diff --git a/tests/chage/01/run1.exp b/tests/chage/01/run1.exp new file mode 100755 index 0000000..0160fb1 --- /dev/null +++ b/tests/chage/01/run1.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser7 +expect -re "Minimum Password Age .11\]: " +send "13\r" +expect -re "Maximum Password Age .12\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2030-03-02\]: " +send "2005-07-26\r" +expect -re "Password Expiration Warning .4\]: " +send "9\r" +expect -re "Password Inactive .10\]: " +send "35\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .1979-11-24\]: " +send "2012-07-27\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/01/run2.exp b/tests/chage/01/run2.exp new file mode 100755 index 0000000..f4f342f --- /dev/null +++ b/tests/chage/01/run2.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser7 +expect -re "Minimum Password Age .13\]: " +send "\r" +expect -re "Maximum Password Age .14\]: " +send "\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-26\]: " +send "\r" +expect -re "Password Expiration Warning .9\]: " +send "\r" +expect -re "Password Inactive .35\]: " +send "\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .2012-07-27\]: " +send "\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/02/data/group b/tests/chage/02/data/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/02/data/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/02/data/gshadow b/tests/chage/02/data/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/02/data/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/02/data/passwd b/tests/chage/02/data/passwd new file mode 100644 index 0000000..5bec374 --- /dev/null +++ b/tests/chage/02/data/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/02/data/shadow b/tests/chage/02/data/shadow new file mode 100644 index 0000000..038d5cf --- /dev/null +++ b/tests/chage/02/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: diff --git a/tests/chage/02/run b/tests/chage/02/run new file mode 100755 index 0000000..74ac268 --- /dev/null +++ b/tests/chage/02/run @@ -0,0 +1,50 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +# Rational: +# Test chage with bogus inputs + +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +save() +{ + [ ! -d tmp ] && mkdir tmp + for i in passwd group shadow gshadow + do + [ -f /etc/$i ] && cp /etc/$i tmp/$i + [ -f /etc/$i- ] && cp /etc/$i- tmp/$i- + done + + true +} + +restore() +{ + for i in passwd group shadow gshadow + do + [ -f tmp/$i ] && cp tmp/$i /etc/$i && rm tmp/$i + [ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i- + done + rm -f tmp/out + rmdir tmp +} + +save + +# restore the files on exit +trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0 + +for i in passwd group shadow gshadow +do + cp data/$i /etc +done + +echo "interractive test" +./run.exp $(date "+%Y-%m-%d") + +echo "OK" diff --git a/tests/chage/02/run.exp b/tests/chage/02/run.exp new file mode 100755 index 0000000..0dbb27d --- /dev/null +++ b/tests/chage/02/run.exp @@ -0,0 +1,83 @@ +#!/usr/bin/expect + +set timeout 5 + +proc expect_error {} { + expect { + "chage: error changing fields" { + expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } + } + } default { + puts "\nFAIL" + exit 1 + } + } +} + + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser +expect -re "Minimum Password Age .0\]: " +send -- "-2\r" +expect_error + +spawn /usr/bin/chage myuser +expect -re "Minimum Password Age .0\]: " +send "foo\r" +expect_error + +# chage accepts to be given only spaces +#spawn /usr/bin/chage myuser +#expect -re "Minimum Password Age .0\]: " +#send -- " \r" +#expect_error +# +#chage may not parse all the arguments. +#This may be a problem is a date is provided instead of just a number +#spawn /usr/bin/chage myuser +#expect -re "Minimum Password Age .0\]: " +#send -- "1 2\r" +#expect_error + +spawn /usr/bin/chage myuser +expect -re "Minimum Password Age .0\]: " +send "11\r" +expect -re "Maximum Password Age .99999\]: " +send -- "-2\r" +expect_error + +spawn /usr/bin/chage myuser +expect -re "Minimum Password Age .0\]: " +send "\r" +expect -re "Maximum Password Age .99999\]: " +send "foo\r" +expect_error + +# chage should verify the range of the arguments +#spawn /usr/bin/chage myuser +#expect -re "Minimum Password Age .0\]: " +#send "\r" +#expect -re "Maximum Password Age .99999\]: " +#send "100000\r" +#expect_error + +#spawn /usr/bin/chage myuser +#expect -re "Minimum Password Age .0\]: " +#send "\r" +#expect -re "Maximum Password Age .99999\]: " +#send "\r" +#expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-25]: " +#send "12\n" +#expect_error + + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/03_chsh_usage/chage.test b/tests/chage/03_chsh_usage/chage.test new file mode 100755 index 0000000..db6200c --- /dev/null +++ b/tests/chage/03_chsh_usage/chage.test @@ -0,0 +1,48 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage can display its usage message" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Get chage usage (chage -h)..." +chage -h >tmp/usage.out +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/03_chsh_usage/config.txt b/tests/chage/03_chsh_usage/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/03_chsh_usage/config.txt diff --git a/tests/chage/03_chsh_usage/config/etc/group b/tests/chage/03_chsh_usage/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/03_chsh_usage/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/03_chsh_usage/config/etc/gshadow b/tests/chage/03_chsh_usage/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/03_chsh_usage/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/03_chsh_usage/config/etc/passwd b/tests/chage/03_chsh_usage/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/03_chsh_usage/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/03_chsh_usage/config/etc/shadow b/tests/chage/03_chsh_usage/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/03_chsh_usage/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/03_chsh_usage/data/usage.out b/tests/chage/03_chsh_usage/data/usage.out new file mode 100644 index 0000000..31df15c --- /dev/null +++ b/tests/chage/03_chsh_usage/data/usage.out @@ -0,0 +1,16 @@ +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/04_chsh_usage_invalid_option/chage.test b/tests/chage/04_chsh_usage_invalid_option/chage.test new file mode 100755 index 0000000..1ba8163 --- /dev/null +++ b/tests/chage/04_chsh_usage_invalid_option/chage.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage displays its usage message when an invalid option is used" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Use chage with an invalid option (chage -Z bin)..." +chage -Z bin 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/04_chsh_usage_invalid_option/config.txt b/tests/chage/04_chsh_usage_invalid_option/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/04_chsh_usage_invalid_option/config.txt diff --git a/tests/chage/04_chsh_usage_invalid_option/config/etc/group b/tests/chage/04_chsh_usage_invalid_option/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/04_chsh_usage_invalid_option/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow b/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd b/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow b/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/04_chsh_usage_invalid_option/data/usage.out b/tests/chage/04_chsh_usage_invalid_option/data/usage.out new file mode 100644 index 0000000..21f71d6 --- /dev/null +++ b/tests/chage/04_chsh_usage_invalid_option/data/usage.out @@ -0,0 +1,17 @@ +chage: invalid option -- 'Z' +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/05_chsh_usage_2_users/chage.test b/tests/chage/05_chsh_usage_2_users/chage.test new file mode 100755 index 0000000..5860393 --- /dev/null +++ b/tests/chage/05_chsh_usage_2_users/chage.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage displays its usage message when 2 users are provided" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Use chage with 2 users (chage -I 12 bin nobody)..." +chage -I 12 bin nobody 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/05_chsh_usage_2_users/config.txt b/tests/chage/05_chsh_usage_2_users/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/05_chsh_usage_2_users/config.txt diff --git a/tests/chage/05_chsh_usage_2_users/config/etc/group b/tests/chage/05_chsh_usage_2_users/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/05_chsh_usage_2_users/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/05_chsh_usage_2_users/config/etc/gshadow b/tests/chage/05_chsh_usage_2_users/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/05_chsh_usage_2_users/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/05_chsh_usage_2_users/config/etc/passwd b/tests/chage/05_chsh_usage_2_users/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/05_chsh_usage_2_users/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/05_chsh_usage_2_users/config/etc/shadow b/tests/chage/05_chsh_usage_2_users/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/05_chsh_usage_2_users/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/05_chsh_usage_2_users/data/usage.out b/tests/chage/05_chsh_usage_2_users/data/usage.out new file mode 100644 index 0000000..31df15c --- /dev/null +++ b/tests/chage/05_chsh_usage_2_users/data/usage.out @@ -0,0 +1,16 @@ +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/06_chsh_usage_no_users/chage.test b/tests/chage/06_chsh_usage_no_users/chage.test new file mode 100755 index 0000000..0851d6e --- /dev/null +++ b/tests/chage/06_chsh_usage_no_users/chage.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage displays its usage message when no users are provided" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Use chage without an user (chage -I 12)..." +chage -I 12 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/06_chsh_usage_no_users/config.txt b/tests/chage/06_chsh_usage_no_users/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/06_chsh_usage_no_users/config.txt diff --git a/tests/chage/06_chsh_usage_no_users/config/etc/group b/tests/chage/06_chsh_usage_no_users/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/06_chsh_usage_no_users/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/06_chsh_usage_no_users/config/etc/gshadow b/tests/chage/06_chsh_usage_no_users/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/06_chsh_usage_no_users/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/06_chsh_usage_no_users/config/etc/passwd b/tests/chage/06_chsh_usage_no_users/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/06_chsh_usage_no_users/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/06_chsh_usage_no_users/config/etc/shadow b/tests/chage/06_chsh_usage_no_users/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/06_chsh_usage_no_users/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/06_chsh_usage_no_users/data/usage.out b/tests/chage/06_chsh_usage_no_users/data/usage.out new file mode 100644 index 0000000..31df15c --- /dev/null +++ b/tests/chage/06_chsh_usage_no_users/data/usage.out @@ -0,0 +1,16 @@ +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/07_chsh_usage-l_exclusive/chage.test b/tests/chage/07_chsh_usage-l_exclusive/chage.test new file mode 100755 index 0000000..9036f09 --- /dev/null +++ b/tests/chage/07_chsh_usage-l_exclusive/chage.test @@ -0,0 +1,57 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage displays its usage message when -l is used with another option" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +for opt in "-m 12" "-M 12" "-d 2011-09-11" "-W 12" "-I 12" "-E 2011-09-11" +do + echo -n "Use chage with -l and $opt (chage -l $opt bin)..." + chage -l $opt bin 2>tmp/usage.out && exit 1 || { + status=$? + } + echo "OK" + + echo -n "Check returned status ($status)..." + test "$status" = "2" + echo "OK" + + echo "chage reported:" + echo "=======================================================================" + cat tmp/usage.out + echo "=======================================================================" + echo -n "Check the usage message..." + diff -au data/usage.out tmp/usage.out + echo "usage message OK." + rm -f tmp/usage.out +done + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/07_chsh_usage-l_exclusive/config.txt b/tests/chage/07_chsh_usage-l_exclusive/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/07_chsh_usage-l_exclusive/config.txt diff --git a/tests/chage/07_chsh_usage-l_exclusive/config/etc/group b/tests/chage/07_chsh_usage-l_exclusive/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/07_chsh_usage-l_exclusive/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow b/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd b/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow b/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/07_chsh_usage-l_exclusive/data/usage.out b/tests/chage/07_chsh_usage-l_exclusive/data/usage.out new file mode 100644 index 0000000..b006b60 --- /dev/null +++ b/tests/chage/07_chsh_usage-l_exclusive/data/usage.out @@ -0,0 +1,17 @@ +chage: do not include "l" with other flags +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/08_chsh_usage_invalid_date/chage.test b/tests/chage/08_chsh_usage_invalid_date/chage.test new file mode 100755 index 0000000..90007fc --- /dev/null +++ b/tests/chage/08_chsh_usage_invalid_date/chage.test @@ -0,0 +1,59 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage displays its usage message when -l is used with another option" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +for opt in "-d 2011-09" "-E 2011-09-09-11" +do + echo -n "Use chage with an invalid date (chage $opt bin)..." + chage $opt bin 2>tmp/usage.out && exit 1 || { + status=$? + } + echo "OK" + + echo -n "Check returned status ($status)..." + test "$status" = "2" + echo "OK" + + echo "chage reported:" + echo "=======================================================================" + cat tmp/usage.out + echo "=======================================================================" + d=$(echo $opt | cut -d' ' -f2) + sed -e "s/'$d'/'DATE'/" -i tmp/usage.out + echo -n "Check the usage message..." + diff -au data/usage.out tmp/usage.out + echo "usage message OK." + rm -f tmp/usage.out +done + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/08_chsh_usage_invalid_date/config.txt b/tests/chage/08_chsh_usage_invalid_date/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/08_chsh_usage_invalid_date/config.txt diff --git a/tests/chage/08_chsh_usage_invalid_date/config/etc/group b/tests/chage/08_chsh_usage_invalid_date/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/08_chsh_usage_invalid_date/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow b/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd b/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow b/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/08_chsh_usage_invalid_date/data/usage.out b/tests/chage/08_chsh_usage_invalid_date/data/usage.out new file mode 100644 index 0000000..cb49bf8 --- /dev/null +++ b/tests/chage/08_chsh_usage_invalid_date/data/usage.out @@ -0,0 +1,17 @@ +chage: invalid date 'DATE' +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test b/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test new file mode 100755 index 0000000..36d11e5 --- /dev/null +++ b/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test @@ -0,0 +1,59 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage displays its usage message when -l is used with another option" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +for opt in "-I -12" "-m -12" "-M -12" "-W -12" "-I a" "-m 12.5" "-M 12a" "-W a12" +do + echo -n "Use chage with an invalid date (chage $opt bin)..." + chage $opt bin 2>tmp/usage.out && exit 1 || { + status=$? + } + echo "OK" + + echo -n "Check returned status ($status)..." + test "$status" = "2" + echo "OK" + + echo "chage reported:" + echo "=======================================================================" + cat tmp/usage.out + echo "=======================================================================" + v=$(echo $opt | cut -d' ' -f2) + sed -e "s/'$v'/'VAL'/" -i tmp/usage.out + echo -n "Check the usage message..." + diff -au data/usage.out tmp/usage.out + echo "usage message OK." + rm -f tmp/usage.out +done + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt b/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt diff --git a/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out b/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out new file mode 100644 index 0000000..9fb70d6 --- /dev/null +++ b/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out @@ -0,0 +1,17 @@ +chage: invalid numeric argument 'VAL' +Usage: chage [options] LOGIN + +Options: + -d, --lastday LAST_DAY set date of last password change to LAST_DAY + -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE + -h, --help display this help message and exit + -I, --inactive INACTIVE set password inactive after expiration + to INACTIVE + -l, --list show account aging information + -m, --mindays MIN_DAYS set minimum number of days before password + change to MIN_DAYS + -M, --maxdays MAX_DAYS set maximim number of days before password + change to MAX_DAYS + -R, --root CHROOT_DIR directory to chroot into + -W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS + diff --git a/tests/chage/10_chsh-l/chage.test b/tests/chage/10_chsh-l/chage.test new file mode 100755 index 0000000..394c981 --- /dev/null +++ b/tests/chage/10_chsh-l/chage.test @@ -0,0 +1,51 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage displays its usage message when -l is used with another option" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +for user in $(ls data/) +do + echo -n "Get $user aging info (chage -l $user)..." + chage -l $user >tmp/$user + echo "OK" + + echo "chage reported:" + echo "=======================================================================" + cat tmp/$user + echo "=======================================================================" + echo -n "Compare with expected output..." + diff -au data/$user tmp/$user + echo "OK" + rm -f tmp/$user +done + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/10_chsh-l/config.txt b/tests/chage/10_chsh-l/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/10_chsh-l/config.txt diff --git a/tests/chage/10_chsh-l/config/etc/group b/tests/chage/10_chsh-l/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/10_chsh-l/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/10_chsh-l/config/etc/gshadow b/tests/chage/10_chsh-l/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/10_chsh-l/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/10_chsh-l/config/etc/passwd b/tests/chage/10_chsh-l/config/etc/passwd new file mode 100644 index 0000000..31046cf --- /dev/null +++ b/tests/chage/10_chsh-l/config/etc/passwd @@ -0,0 +1,32 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash +myuser8:x:424249:424242::/home:/bin/bash +myuser9:x:424250:424242::/home:/bin/bash +myuser10:x:424251:424242::/home:/bin/bash +myuser11:x:424252:424242::/home:/bin/bash +myuser12:x:424253:424242::/home:/bin/bash +myuser13:x:424254:424242::/home:/bin/bash diff --git a/tests/chage/10_chsh-l/config/etc/shadow b/tests/chage/10_chsh-l/config/etc/shadow new file mode 100644 index 0000000..4b81469 --- /dev/null +++ b/tests/chage/10_chsh-l/config/etc/shadow @@ -0,0 +1,30 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1:: +myuser8:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:9999:7:1:: +myuser9:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:9999:7:1:: +myuser10:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0::7:1:: +#myuser11:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1:: diff --git a/tests/chage/10_chsh-l/data/myuser1 b/tests/chage/10_chsh-l/data/myuser1 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser1 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser10 b/tests/chage/10_chsh-l/data/myuser10 new file mode 100644 index 0000000..8a9e5d1 --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser10 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : -1 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser11 b/tests/chage/10_chsh-l/data/myuser11 new file mode 100644 index 0000000..a54ec7a --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser11 @@ -0,0 +1,7 @@ +Last password change : never +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : -1 +Maximum number of days between password change : -1 +Number of days of warning before password expires : -1 diff --git a/tests/chage/10_chsh-l/data/myuser2 b/tests/chage/10_chsh-l/data/myuser2 new file mode 100644 index 0000000..7efdc0c --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser2 @@ -0,0 +1,7 @@ +Last password change : Jul 28, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 1 +Maximum number of days between password change : 99996 +Number of days of warning before password expires : 5 diff --git a/tests/chage/10_chsh-l/data/myuser3 b/tests/chage/10_chsh-l/data/myuser3 new file mode 100644 index 0000000..a263db9 --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser3 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : Jan 01, 1970 +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser4 b/tests/chage/10_chsh-l/data/myuser4 new file mode 100644 index 0000000..11e2f2d --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser4 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : Jan 02, 1970 +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser5 b/tests/chage/10_chsh-l/data/myuser5 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser5 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser6 b/tests/chage/10_chsh-l/data/myuser6 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser6 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser7 b/tests/chage/10_chsh-l/data/myuser7 new file mode 100644 index 0000000..63debfb --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser7 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : Dec 11, 2032 +Password inactive : Dec 12, 2032 +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 9999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser8 b/tests/chage/10_chsh-l/data/myuser8 new file mode 100644 index 0000000..4a3f4bd --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser8 @@ -0,0 +1,7 @@ +Last password change : never +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 9999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/10_chsh-l/data/myuser9 b/tests/chage/10_chsh-l/data/myuser9 new file mode 100644 index 0000000..09f6fdc --- /dev/null +++ b/tests/chage/10_chsh-l/data/myuser9 @@ -0,0 +1,7 @@ +Last password change : password must be changed +Password expires : password must be changed +Password inactive : password must be changed +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 9999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/11_chsh_usage_invalid_user/chage.test b/tests/chage/11_chsh_usage_invalid_user/chage.test new file mode 100755 index 0000000..46d9d65 --- /dev/null +++ b/tests/chage/11_chsh_usage_invalid_user/chage.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage warns in case of invalid user" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Use chage with an invalid user (chage -I 12 foo)..." +chage -I 12 foo 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/11_chsh_usage_invalid_user/config.txt b/tests/chage/11_chsh_usage_invalid_user/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/11_chsh_usage_invalid_user/config.txt diff --git a/tests/chage/11_chsh_usage_invalid_user/config/etc/group b/tests/chage/11_chsh_usage_invalid_user/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/11_chsh_usage_invalid_user/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow b/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd b/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow b/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/11_chsh_usage_invalid_user/data/usage.out b/tests/chage/11_chsh_usage_invalid_user/data/usage.out new file mode 100644 index 0000000..cdc8a1f --- /dev/null +++ b/tests/chage/11_chsh_usage_invalid_user/data/usage.out @@ -0,0 +1 @@ +chage: user 'foo' does not exist in /etc/passwd diff --git a/tests/chage/12_chsh_usage-l_invalid_user2/chage.test b/tests/chage/12_chsh_usage-l_invalid_user2/chage.test new file mode 100755 index 0000000..d3b5255 --- /dev/null +++ b/tests/chage/12_chsh_usage-l_invalid_user2/chage.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage warns in case of invalid user" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Use chage with an invalid user (chage -l foo)..." +chage -l foo 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/12_chsh_usage-l_invalid_user2/config.txt b/tests/chage/12_chsh_usage-l_invalid_user2/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/12_chsh_usage-l_invalid_user2/config.txt diff --git a/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out b/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out new file mode 100644 index 0000000..cdc8a1f --- /dev/null +++ b/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out @@ -0,0 +1 @@ +chage: user 'foo' does not exist in /etc/passwd diff --git a/tests/chage/13_chsh_locked_passwd/chage.test b/tests/chage/13_chsh_locked_passwd/chage.test new file mode 100755 index 0000000..aeeb412 --- /dev/null +++ b/tests/chage/13_chsh_locked_passwd/chage.test @@ -0,0 +1,59 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage warns when passwd is already locked" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0 + +change_config + +echo -n "Create lock file for /etc/passwd..." +touch /etc/passwd.lock +echo "done" + +echo -n "Use chage with an invalid user (chage -I 12 bin)..." +chage -I 12 bin 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" +rm -f /etc/passwd.lock + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/13_chsh_locked_passwd/config.txt b/tests/chage/13_chsh_locked_passwd/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/13_chsh_locked_passwd/config.txt diff --git a/tests/chage/13_chsh_locked_passwd/config/etc/group b/tests/chage/13_chsh_locked_passwd/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/13_chsh_locked_passwd/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/13_chsh_locked_passwd/config/etc/gshadow b/tests/chage/13_chsh_locked_passwd/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/13_chsh_locked_passwd/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/13_chsh_locked_passwd/config/etc/passwd b/tests/chage/13_chsh_locked_passwd/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/13_chsh_locked_passwd/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/13_chsh_locked_passwd/config/etc/shadow b/tests/chage/13_chsh_locked_passwd/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/13_chsh_locked_passwd/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/13_chsh_locked_passwd/data/usage.out b/tests/chage/13_chsh_locked_passwd/data/usage.out new file mode 100644 index 0000000..caa44b5 --- /dev/null +++ b/tests/chage/13_chsh_locked_passwd/data/usage.out @@ -0,0 +1,2 @@ +chage: existing lock file /etc/passwd.lock without a PID +chage: cannot lock /etc/passwd; try again later. diff --git a/tests/chage/14_chsh_locked_shadow/chage.test b/tests/chage/14_chsh_locked_shadow/chage.test new file mode 100755 index 0000000..3474d95 --- /dev/null +++ b/tests/chage/14_chsh_locked_shadow/chage.test @@ -0,0 +1,59 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage warns when shadow is already locked" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0 + +change_config + +echo -n "Create lock file for /etc/shadow..." +touch /etc/shadow.lock +echo "done" + +echo -n "Use chage with an invalid user (chage -I 12 bin)..." +chage -I 12 bin 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" +rm -f /etc/shadow.lock + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/14_chsh_locked_shadow/config.txt b/tests/chage/14_chsh_locked_shadow/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/14_chsh_locked_shadow/config.txt diff --git a/tests/chage/14_chsh_locked_shadow/config/etc/group b/tests/chage/14_chsh_locked_shadow/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/14_chsh_locked_shadow/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/14_chsh_locked_shadow/config/etc/gshadow b/tests/chage/14_chsh_locked_shadow/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/14_chsh_locked_shadow/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/14_chsh_locked_shadow/config/etc/passwd b/tests/chage/14_chsh_locked_shadow/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/14_chsh_locked_shadow/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/14_chsh_locked_shadow/config/etc/shadow b/tests/chage/14_chsh_locked_shadow/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/14_chsh_locked_shadow/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/14_chsh_locked_shadow/data/usage.out b/tests/chage/14_chsh_locked_shadow/data/usage.out new file mode 100644 index 0000000..f396f3c --- /dev/null +++ b/tests/chage/14_chsh_locked_shadow/data/usage.out @@ -0,0 +1,2 @@ +chage: existing lock file /etc/shadow.lock without a PID +chage: cannot lock /etc/shadow; try again later. diff --git a/tests/chage/15_chage-I_no_shadow_entry/chage.test b/tests/chage/15_chage-I_no_shadow_entry/chage.test new file mode 100755 index 0000000..77a06a2 --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change bin's inactivity period (chage -I 12 bin)..." +chage -I 12 bin +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/15_chage-I_no_shadow_entry/config.txt b/tests/chage/15_chage-I_no_shadow_entry/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/15_chage-I_no_shadow_entry/config/etc/group b/tests/chage/15_chage-I_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow b/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs b/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd b/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..8656be4 --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:*:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow b/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..88faec2 --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/chage/15_chage-I_no_shadow_entry/data/passwd b/tests/chage/15_chage-I_no_shadow_entry/data/passwd new file mode 100644 index 0000000..d9ad1e2 --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/data/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/15_chage-I_no_shadow_entry/data/shadow b/tests/chage/15_chage-I_no_shadow_entry/data/shadow new file mode 100644 index 0000000..d32d937 --- /dev/null +++ b/tests/chage/15_chage-I_no_shadow_entry/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: +bin:*:::::12:: diff --git a/tests/chage/16_chage-m_no_shadow_entry/chage.test b/tests/chage/16_chage-m_no_shadow_entry/chage.test new file mode 100755 index 0000000..778a65a --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change bin's mindays (chage -m 12 bin)..." +chage -m 12 bin +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/16_chage-m_no_shadow_entry/config.txt b/tests/chage/16_chage-m_no_shadow_entry/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/16_chage-m_no_shadow_entry/config/etc/group b/tests/chage/16_chage-m_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow b/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs b/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd b/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..8656be4 --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:*:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow b/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..88faec2 --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/chage/16_chage-m_no_shadow_entry/data/passwd b/tests/chage/16_chage-m_no_shadow_entry/data/passwd new file mode 100644 index 0000000..d9ad1e2 --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/data/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/16_chage-m_no_shadow_entry/data/shadow b/tests/chage/16_chage-m_no_shadow_entry/data/shadow new file mode 100644 index 0000000..dc6bc8b --- /dev/null +++ b/tests/chage/16_chage-m_no_shadow_entry/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: +bin:*::12::::: diff --git a/tests/chage/17_chage-M_no_shadow_entry/chage.test b/tests/chage/17_chage-M_no_shadow_entry/chage.test new file mode 100755 index 0000000..6b70f06 --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change bin's mindays (chage -M 12 bin)..." +chage -M 12 bin +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/17_chage-M_no_shadow_entry/config.txt b/tests/chage/17_chage-M_no_shadow_entry/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/17_chage-M_no_shadow_entry/config/etc/group b/tests/chage/17_chage-M_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow b/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs b/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd b/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..8656be4 --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:*:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow b/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..88faec2 --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/chage/17_chage-M_no_shadow_entry/data/passwd b/tests/chage/17_chage-M_no_shadow_entry/data/passwd new file mode 100644 index 0000000..d9ad1e2 --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/data/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/17_chage-M_no_shadow_entry/data/shadow b/tests/chage/17_chage-M_no_shadow_entry/data/shadow new file mode 100644 index 0000000..fb623f7 --- /dev/null +++ b/tests/chage/17_chage-M_no_shadow_entry/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: +bin:*:::12:::: diff --git a/tests/chage/18_chage-d_no_shadow_entry/chage.test b/tests/chage/18_chage-d_no_shadow_entry/chage.test new file mode 100755 index 0000000..fb56cef --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change bin's mindays (chage -d 2011-09-11 bin)..." +chage -d 2011-09-11 bin +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/18_chage-d_no_shadow_entry/config.txt b/tests/chage/18_chage-d_no_shadow_entry/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/18_chage-d_no_shadow_entry/config/etc/group b/tests/chage/18_chage-d_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow b/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs b/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd b/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..8656be4 --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:*:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow b/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..88faec2 --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/chage/18_chage-d_no_shadow_entry/data/passwd b/tests/chage/18_chage-d_no_shadow_entry/data/passwd new file mode 100644 index 0000000..d9ad1e2 --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/data/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/18_chage-d_no_shadow_entry/data/shadow b/tests/chage/18_chage-d_no_shadow_entry/data/shadow new file mode 100644 index 0000000..df82e6c --- /dev/null +++ b/tests/chage/18_chage-d_no_shadow_entry/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: +bin:*:15228:::::: diff --git a/tests/chage/19_chage-W_no_shadow_entry/chage.test b/tests/chage/19_chage-W_no_shadow_entry/chage.test new file mode 100755 index 0000000..410ccbb --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change bin's mindays (chage -W 12 bin)..." +chage -W 12 bin +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/19_chage-W_no_shadow_entry/config.txt b/tests/chage/19_chage-W_no_shadow_entry/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/19_chage-W_no_shadow_entry/config/etc/group b/tests/chage/19_chage-W_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow b/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs b/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd b/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..8656be4 --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:*:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow b/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..88faec2 --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/chage/19_chage-W_no_shadow_entry/data/passwd b/tests/chage/19_chage-W_no_shadow_entry/data/passwd new file mode 100644 index 0000000..d9ad1e2 --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/data/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/19_chage-W_no_shadow_entry/data/shadow b/tests/chage/19_chage-W_no_shadow_entry/data/shadow new file mode 100644 index 0000000..3265423 --- /dev/null +++ b/tests/chage/19_chage-W_no_shadow_entry/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: +bin:*::::12::: diff --git a/tests/chage/20_chage-E_no_shadow_entry/chage.test b/tests/chage/20_chage-E_no_shadow_entry/chage.test new file mode 100755 index 0000000..52079f7 --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change bin's mindays (chage -E 2011-09-11 bin)..." +chage -E 2011-09-11 bin +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/20_chage-E_no_shadow_entry/config.txt b/tests/chage/20_chage-E_no_shadow_entry/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/20_chage-E_no_shadow_entry/config/etc/group b/tests/chage/20_chage-E_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow b/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs b/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd b/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..8656be4 --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:*:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow b/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..88faec2 --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/chage/20_chage-E_no_shadow_entry/data/passwd b/tests/chage/20_chage-E_no_shadow_entry/data/passwd new file mode 100644 index 0000000..d9ad1e2 --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/data/passwd @@ -0,0 +1,20 @@ +root:*:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:*:102:102::/var/spool/exim4:/bin/false +foo:abc:1000:1000::/nonexistent:/bin/sh diff --git a/tests/chage/20_chage-E_no_shadow_entry/data/shadow b/tests/chage/20_chage-E_no_shadow_entry/data/shadow new file mode 100644 index 0000000..752a49a --- /dev/null +++ b/tests/chage/20_chage-E_no_shadow_entry/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: +bin:*::::::15228: diff --git a/tests/chage/21_chage_no_shadow_file/chage.test b/tests/chage/21_chage_no_shadow_file/chage.test new file mode 100755 index 0000000..c2e8d0e --- /dev/null +++ b/tests/chage/21_chage_no_shadow_file/chage.test @@ -0,0 +1,58 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage warns when shadow is not enabled" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Remove /etc/shadow..." +rm -f /etc/shadow +echo "OK" + +echo -n "Use chage with an invalid user (chage -I 12 bin)..." +chage -I 12 bin 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "15" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +test ! -f /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/21_chage_no_shadow_file/config.txt b/tests/chage/21_chage_no_shadow_file/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/21_chage_no_shadow_file/config.txt diff --git a/tests/chage/21_chage_no_shadow_file/config/etc/group b/tests/chage/21_chage_no_shadow_file/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/21_chage_no_shadow_file/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/21_chage_no_shadow_file/config/etc/gshadow b/tests/chage/21_chage_no_shadow_file/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/21_chage_no_shadow_file/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/21_chage_no_shadow_file/config/etc/passwd b/tests/chage/21_chage_no_shadow_file/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/21_chage_no_shadow_file/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/21_chage_no_shadow_file/config/etc/shadow b/tests/chage/21_chage_no_shadow_file/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/21_chage_no_shadow_file/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/21_chage_no_shadow_file/data/usage.out b/tests/chage/21_chage_no_shadow_file/data/usage.out new file mode 100644 index 0000000..07d7a30 --- /dev/null +++ b/tests/chage/21_chage_no_shadow_file/data/usage.out @@ -0,0 +1 @@ +chage: the shadow password file is not present diff --git a/tests/chage/22_chage_myuser-l/chage.test b/tests/chage/22_chage_myuser-l/chage.test new file mode 100755 index 0000000..34ad36d --- /dev/null +++ b/tests/chage/22_chage_myuser-l/chage.test @@ -0,0 +1,51 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage can be used to show one's aging info" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +for user in $(ls data/) +do + echo -n "Get $user aging info (chage -l $user)..." + su myuser1 -c "chage -l $user" >tmp/$user + echo "OK" + + echo "chage reported:" + echo "=======================================================================" + cat tmp/$user + echo "=======================================================================" + echo -n "Compare with expected output..." + diff -au data/$user tmp/$user + echo "OK" + rm -f tmp/$user +done + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/22_chage_myuser-l/config.txt b/tests/chage/22_chage_myuser-l/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/22_chage_myuser-l/config.txt diff --git a/tests/chage/22_chage_myuser-l/config/etc/group b/tests/chage/22_chage_myuser-l/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/22_chage_myuser-l/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/22_chage_myuser-l/config/etc/gshadow b/tests/chage/22_chage_myuser-l/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/22_chage_myuser-l/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/22_chage_myuser-l/config/etc/passwd b/tests/chage/22_chage_myuser-l/config/etc/passwd new file mode 100644 index 0000000..31046cf --- /dev/null +++ b/tests/chage/22_chage_myuser-l/config/etc/passwd @@ -0,0 +1,32 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash +myuser8:x:424249:424242::/home:/bin/bash +myuser9:x:424250:424242::/home:/bin/bash +myuser10:x:424251:424242::/home:/bin/bash +myuser11:x:424252:424242::/home:/bin/bash +myuser12:x:424253:424242::/home:/bin/bash +myuser13:x:424254:424242::/home:/bin/bash diff --git a/tests/chage/22_chage_myuser-l/config/etc/shadow b/tests/chage/22_chage_myuser-l/config/etc/shadow new file mode 100644 index 0000000..4b81469 --- /dev/null +++ b/tests/chage/22_chage_myuser-l/config/etc/shadow @@ -0,0 +1,30 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1:: +myuser8:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:9999:7:1:: +myuser9:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:9999:7:1:: +myuser10:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0::7:1:: +#myuser11:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1:: diff --git a/tests/chage/22_chage_myuser-l/data/myuser1 b/tests/chage/22_chage_myuser-l/data/myuser1 new file mode 100644 index 0000000..64754ca --- /dev/null +++ b/tests/chage/22_chage_myuser-l/data/myuser1 @@ -0,0 +1,7 @@ +Last password change : Jul 27, 2005 +Password expires : never +Password inactive : never +Account expires : never +Minimum number of days between password change : 0 +Maximum number of days between password change : 99999 +Number of days of warning before password expires : 7 diff --git a/tests/chage/23_chage_myuser-I/chage.test b/tests/chage/23_chage_myuser-I/chage.test new file mode 100755 index 0000000..0bd7043 --- /dev/null +++ b/tests/chage/23_chage_myuser-I/chage.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage forbids to change aging info" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "myusers1 uses chage to change myuser1 aging info (chage -I 12 myuser2)..." +su myuser1 -c "chage -I 12 myuser1" 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/23_chage_myuser-I/config.txt b/tests/chage/23_chage_myuser-I/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/23_chage_myuser-I/config.txt diff --git a/tests/chage/23_chage_myuser-I/config/etc/group b/tests/chage/23_chage_myuser-I/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/23_chage_myuser-I/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/23_chage_myuser-I/config/etc/gshadow b/tests/chage/23_chage_myuser-I/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/23_chage_myuser-I/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/23_chage_myuser-I/config/etc/passwd b/tests/chage/23_chage_myuser-I/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/23_chage_myuser-I/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/23_chage_myuser-I/config/etc/shadow b/tests/chage/23_chage_myuser-I/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/23_chage_myuser-I/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/23_chage_myuser-I/data/usage.out b/tests/chage/23_chage_myuser-I/data/usage.out new file mode 100644 index 0000000..dc0d6ca --- /dev/null +++ b/tests/chage/23_chage_myuser-I/data/usage.out @@ -0,0 +1 @@ +chage: Permission denied. diff --git a/tests/chage/24_chage_myuser-l_other/chage.test b/tests/chage/24_chage_myuser-l_other/chage.test new file mode 100755 index 0000000..ef2f8e2 --- /dev/null +++ b/tests/chage/24_chage_myuser-l_other/chage.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage forbids to get other accounts aging info" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "myusers1 uses chage to get myuser2 aging info (chage -l myuser2)..." +su myuser1 -c "chage -l myuser2" 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chage reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/24_chage_myuser-l_other/config.txt b/tests/chage/24_chage_myuser-l_other/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/chage/24_chage_myuser-l_other/config.txt diff --git a/tests/chage/24_chage_myuser-l_other/config/etc/group b/tests/chage/24_chage_myuser-l_other/config/etc/group new file mode 100644 index 0000000..245cc9c --- /dev/null +++ b/tests/chage/24_chage_myuser-l_other/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +myuser:x:424242: diff --git a/tests/chage/24_chage_myuser-l_other/config/etc/gshadow b/tests/chage/24_chage_myuser-l_other/config/etc/gshadow new file mode 100644 index 0000000..25bd55b --- /dev/null +++ b/tests/chage/24_chage_myuser-l_other/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +myuser:x:: diff --git a/tests/chage/24_chage_myuser-l_other/config/etc/passwd b/tests/chage/24_chage_myuser-l_other/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/24_chage_myuser-l_other/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/24_chage_myuser-l_other/config/etc/shadow b/tests/chage/24_chage_myuser-l_other/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/24_chage_myuser-l_other/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/24_chage_myuser-l_other/data/usage.out b/tests/chage/24_chage_myuser-l_other/data/usage.out new file mode 100644 index 0000000..dc0d6ca --- /dev/null +++ b/tests/chage/24_chage_myuser-l_other/data/usage.out @@ -0,0 +1 @@ +chage: Permission denied. diff --git a/tests/chage/25_chage_interractive/chage.test b/tests/chage/25_chage_interractive/chage.test new file mode 100755 index 0000000..01f957f --- /dev/null +++ b/tests/chage/25_chage_interractive/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/25_chage_interractive/config.txt b/tests/chage/25_chage_interractive/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/25_chage_interractive/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/25_chage_interractive/config/etc/group b/tests/chage/25_chage_interractive/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/25_chage_interractive/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/25_chage_interractive/config/etc/gshadow b/tests/chage/25_chage_interractive/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/25_chage_interractive/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/25_chage_interractive/config/etc/login.defs b/tests/chage/25_chage_interractive/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/25_chage_interractive/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/25_chage_interractive/config/etc/passwd b/tests/chage/25_chage_interractive/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/25_chage_interractive/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/25_chage_interractive/config/etc/shadow b/tests/chage/25_chage_interractive/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/25_chage_interractive/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/25_chage_interractive/data/shadow b/tests/chage/25_chage_interractive/data/shadow new file mode 100644 index 0000000..334494a --- /dev/null +++ b/tests/chage/25_chage_interractive/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/25_chage_interractive/run.exp b/tests/chage/25_chage_interractive/run.exp new file mode 100755 index 0000000..5b4b1d0 --- /dev/null +++ b/tests/chage/25_chage_interractive/run.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "2005-07-26\r" +expect -re "Password Expiration Warning .7\]: " +send "9\r" +expect -re "Password Inactive .-1\]: " +send "35\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send "2012-07-27\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/26_chage_interractive_date_0/chage.test b/tests/chage/26_chage_interractive_date_0/chage.test new file mode 100755 index 0000000..01f957f --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/26_chage_interractive_date_0/config.txt b/tests/chage/26_chage_interractive_date_0/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/26_chage_interractive_date_0/config/etc/group b/tests/chage/26_chage_interractive_date_0/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/26_chage_interractive_date_0/config/etc/gshadow b/tests/chage/26_chage_interractive_date_0/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/26_chage_interractive_date_0/config/etc/login.defs b/tests/chage/26_chage_interractive_date_0/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/26_chage_interractive_date_0/config/etc/passwd b/tests/chage/26_chage_interractive_date_0/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/26_chage_interractive_date_0/config/etc/shadow b/tests/chage/26_chage_interractive_date_0/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/26_chage_interractive_date_0/data/shadow b/tests/chage/26_chage_interractive_date_0/data/shadow new file mode 100644 index 0000000..293987c --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:13:14:9:35:0: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/26_chage_interractive_date_0/run.exp b/tests/chage/26_chage_interractive_date_0/run.exp new file mode 100755 index 0000000..2f97abb --- /dev/null +++ b/tests/chage/26_chage_interractive_date_0/run.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "0\r" +expect -re "Password Expiration Warning .7\]: " +send "9\r" +expect -re "Password Inactive .-1\]: " +send "35\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send "0\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/27_chage_interractive_date_-1/chage.test b/tests/chage/27_chage_interractive_date_-1/chage.test new file mode 100755 index 0000000..01f957f --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/27_chage_interractive_date_-1/config.txt b/tests/chage/27_chage_interractive_date_-1/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/27_chage_interractive_date_-1/config/etc/group b/tests/chage/27_chage_interractive_date_-1/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/27_chage_interractive_date_-1/config/etc/gshadow b/tests/chage/27_chage_interractive_date_-1/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/27_chage_interractive_date_-1/config/etc/login.defs b/tests/chage/27_chage_interractive_date_-1/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/27_chage_interractive_date_-1/config/etc/passwd b/tests/chage/27_chage_interractive_date_-1/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/27_chage_interractive_date_-1/config/etc/shadow b/tests/chage/27_chage_interractive_date_-1/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/27_chage_interractive_date_-1/data/shadow b/tests/chage/27_chage_interractive_date_-1/data/shadow new file mode 100644 index 0000000..800f1a2 --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::13:14:9:35:: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/27_chage_interractive_date_-1/run.exp b/tests/chage/27_chage_interractive_date_-1/run.exp new file mode 100755 index 0000000..f4c20a1 --- /dev/null +++ b/tests/chage/27_chage_interractive_date_-1/run.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send -- "-1\r" +expect -re "Password Expiration Warning .7\]: " +send "9\r" +expect -re "Password Inactive .-1\]: " +send "35\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send -- "-1\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/28_chage_interractive_date_EPOCH/chage.test b/tests/chage/28_chage_interractive_date_EPOCH/chage.test new file mode 100755 index 0000000..01f957f --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/28_chage_interractive_date_EPOCH/config.txt b/tests/chage/28_chage_interractive_date_EPOCH/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/28_chage_interractive_date_EPOCH/config/etc/group b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/28_chage_interractive_date_EPOCH/config/etc/gshadow b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/28_chage_interractive_date_EPOCH/config/etc/login.defs b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/28_chage_interractive_date_EPOCH/config/etc/passwd b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/28_chage_interractive_date_EPOCH/config/etc/shadow b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/28_chage_interractive_date_EPOCH/data/shadow b/tests/chage/28_chage_interractive_date_EPOCH/data/shadow new file mode 100644 index 0000000..293987c --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:13:14:9:35:0: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/28_chage_interractive_date_EPOCH/run.exp b/tests/chage/28_chage_interractive_date_EPOCH/run.exp new file mode 100755 index 0000000..a93e8cc --- /dev/null +++ b/tests/chage/28_chage_interractive_date_EPOCH/run.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "1970-01-01\r" +expect -re "Password Expiration Warning .7\]: " +send "9\r" +expect -re "Password Inactive .-1\]: " +send "35\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send "1970-01-01\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/chage.test b/tests/chage/29_chage_interractive_date_pre-EPOCH/chage.test new file mode 100755 index 0000000..99f2df4 --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/config.txt b/tests/chage/29_chage_interractive_date_pre-EPOCH/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/group b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/gshadow b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/login.defs b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/passwd b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/shadow b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/29_chage_interractive_date_pre-EPOCH/run.exp b/tests/chage/29_chage_interractive_date_pre-EPOCH/run.exp new file mode 100755 index 0000000..a43fd04 --- /dev/null +++ b/tests/chage/29_chage_interractive_date_pre-EPOCH/run.exp @@ -0,0 +1,26 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "1900-01-01\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/chage.test b/tests/chage/30_chage_interractive_date_pre-EPOCH2/chage.test new file mode 100755 index 0000000..99f2df4 --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/config.txt b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/group b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/gshadow b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/login.defs b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/passwd b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/shadow b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/30_chage_interractive_date_pre-EPOCH2/run.exp b/tests/chage/30_chage_interractive_date_pre-EPOCH2/run.exp new file mode 100755 index 0000000..9c3c5db --- /dev/null +++ b/tests/chage/30_chage_interractive_date_pre-EPOCH2/run.exp @@ -0,0 +1,32 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "1970-01-01\r" +expect -re "Password Expiration Warning .7\]: " +send "9\r" +expect -re "Password Inactive .-1\]: " +send "35\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send "1900-01-01\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/31_chage_interractive_date_invalid/chage.test b/tests/chage/31_chage_interractive_date_invalid/chage.test new file mode 100755 index 0000000..84e9390 --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock /etc/shadow.lock' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/31_chage_interractive_date_invalid/config.txt b/tests/chage/31_chage_interractive_date_invalid/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/31_chage_interractive_date_invalid/config/etc/group b/tests/chage/31_chage_interractive_date_invalid/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/31_chage_interractive_date_invalid/config/etc/gshadow b/tests/chage/31_chage_interractive_date_invalid/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/31_chage_interractive_date_invalid/config/etc/login.defs b/tests/chage/31_chage_interractive_date_invalid/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/31_chage_interractive_date_invalid/config/etc/passwd b/tests/chage/31_chage_interractive_date_invalid/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/31_chage_interractive_date_invalid/config/etc/shadow b/tests/chage/31_chage_interractive_date_invalid/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/31_chage_interractive_date_invalid/run.exp b/tests/chage/31_chage_interractive_date_invalid/run.exp new file mode 100755 index 0000000..91551d4 --- /dev/null +++ b/tests/chage/31_chage_interractive_date_invalid/run.exp @@ -0,0 +1,26 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "2000-13-42\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/32_chage_interractive_date_invalid2/chage.test b/tests/chage/32_chage_interractive_date_invalid2/chage.test new file mode 100755 index 0000000..99f2df4 --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/32_chage_interractive_date_invalid2/config.txt b/tests/chage/32_chage_interractive_date_invalid2/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/32_chage_interractive_date_invalid2/config/etc/group b/tests/chage/32_chage_interractive_date_invalid2/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/32_chage_interractive_date_invalid2/config/etc/gshadow b/tests/chage/32_chage_interractive_date_invalid2/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/32_chage_interractive_date_invalid2/config/etc/login.defs b/tests/chage/32_chage_interractive_date_invalid2/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/32_chage_interractive_date_invalid2/config/etc/passwd b/tests/chage/32_chage_interractive_date_invalid2/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/32_chage_interractive_date_invalid2/config/etc/shadow b/tests/chage/32_chage_interractive_date_invalid2/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/32_chage_interractive_date_invalid2/run.exp b/tests/chage/32_chage_interractive_date_invalid2/run.exp new file mode 100755 index 0000000..edc3f78 --- /dev/null +++ b/tests/chage/32_chage_interractive_date_invalid2/run.exp @@ -0,0 +1,26 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "2000-mm-42\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/33_chage_interractive-W_invalid1/chage.test b/tests/chage/33_chage_interractive-W_invalid1/chage.test new file mode 100755 index 0000000..fc4dd9d --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage interractive session checks field validity" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/33_chage_interractive-W_invalid1/config.txt b/tests/chage/33_chage_interractive-W_invalid1/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/33_chage_interractive-W_invalid1/config/etc/group b/tests/chage/33_chage_interractive-W_invalid1/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/33_chage_interractive-W_invalid1/config/etc/gshadow b/tests/chage/33_chage_interractive-W_invalid1/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/33_chage_interractive-W_invalid1/config/etc/login.defs b/tests/chage/33_chage_interractive-W_invalid1/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/33_chage_interractive-W_invalid1/config/etc/passwd b/tests/chage/33_chage_interractive-W_invalid1/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/33_chage_interractive-W_invalid1/config/etc/shadow b/tests/chage/33_chage_interractive-W_invalid1/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/33_chage_interractive-W_invalid1/run.exp b/tests/chage/33_chage_interractive-W_invalid1/run.exp new file mode 100755 index 0000000..ac50231 --- /dev/null +++ b/tests/chage/33_chage_interractive-W_invalid1/run.exp @@ -0,0 +1,32 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "0\r" +expect -re "Password Expiration Warning .7\]: " +send "9a\r" +#expect -re "Password Inactive .-1\]: " +#send "35\r" +#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +#send "0\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/34_chage_interractive-W_invalid2/chage.test b/tests/chage/34_chage_interractive-W_invalid2/chage.test new file mode 100755 index 0000000..fc4dd9d --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage interractive session checks field validity" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/34_chage_interractive-W_invalid2/config.txt b/tests/chage/34_chage_interractive-W_invalid2/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/34_chage_interractive-W_invalid2/config/etc/group b/tests/chage/34_chage_interractive-W_invalid2/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/34_chage_interractive-W_invalid2/config/etc/gshadow b/tests/chage/34_chage_interractive-W_invalid2/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/34_chage_interractive-W_invalid2/config/etc/login.defs b/tests/chage/34_chage_interractive-W_invalid2/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/34_chage_interractive-W_invalid2/config/etc/passwd b/tests/chage/34_chage_interractive-W_invalid2/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/34_chage_interractive-W_invalid2/config/etc/shadow b/tests/chage/34_chage_interractive-W_invalid2/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/34_chage_interractive-W_invalid2/run.exp b/tests/chage/34_chage_interractive-W_invalid2/run.exp new file mode 100755 index 0000000..04b6f57 --- /dev/null +++ b/tests/chage/34_chage_interractive-W_invalid2/run.exp @@ -0,0 +1,32 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "13\r" +expect -re "Maximum Password Age .99999\]: " +send "14\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "0\r" +expect -re "Password Expiration Warning .7\]: " +send -- "-2\r" +#expect -re "Password Inactive .-1\]: " +#send "35\r" +#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +#send "0\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/35_chage_interractive-W-1/chage.test b/tests/chage/35_chage_interractive-W-1/chage.test new file mode 100755 index 0000000..01f957f --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/35_chage_interractive-W-1/config.txt b/tests/chage/35_chage_interractive-W-1/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/35_chage_interractive-W-1/config/etc/group b/tests/chage/35_chage_interractive-W-1/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/35_chage_interractive-W-1/config/etc/gshadow b/tests/chage/35_chage_interractive-W-1/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/35_chage_interractive-W-1/config/etc/login.defs b/tests/chage/35_chage_interractive-W-1/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/35_chage_interractive-W-1/config/etc/passwd b/tests/chage/35_chage_interractive-W-1/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/35_chage_interractive-W-1/config/etc/shadow b/tests/chage/35_chage_interractive-W-1/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/35_chage_interractive-W-1/data/shadow b/tests/chage/35_chage_interractive-W-1/data/shadow new file mode 100644 index 0000000..4b74f15 --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/35_chage_interractive-W-1/run.exp b/tests/chage/35_chage_interractive-W-1/run.exp new file mode 100755 index 0000000..84fd749 --- /dev/null +++ b/tests/chage/35_chage_interractive-W-1/run.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "\r" +expect -re "Maximum Password Age .99999\]: " +send "\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "\r" +expect -re "Password Expiration Warning .7\]: " +send -- "-1\r" +expect -re "Password Inactive .-1\]: " +send "\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send "\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/36_chage_interractive-I_invalid1/chage.test b/tests/chage/36_chage_interractive-I_invalid1/chage.test new file mode 100755 index 0000000..fc4dd9d --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage interractive session checks field validity" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/36_chage_interractive-I_invalid1/config.txt b/tests/chage/36_chage_interractive-I_invalid1/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/36_chage_interractive-I_invalid1/config/etc/group b/tests/chage/36_chage_interractive-I_invalid1/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/36_chage_interractive-I_invalid1/config/etc/gshadow b/tests/chage/36_chage_interractive-I_invalid1/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/36_chage_interractive-I_invalid1/config/etc/login.defs b/tests/chage/36_chage_interractive-I_invalid1/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/36_chage_interractive-I_invalid1/config/etc/passwd b/tests/chage/36_chage_interractive-I_invalid1/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/36_chage_interractive-I_invalid1/config/etc/shadow b/tests/chage/36_chage_interractive-I_invalid1/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/36_chage_interractive-I_invalid1/run.exp b/tests/chage/36_chage_interractive-I_invalid1/run.exp new file mode 100755 index 0000000..1e3087b --- /dev/null +++ b/tests/chage/36_chage_interractive-I_invalid1/run.exp @@ -0,0 +1,32 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "\r" +expect -re "Maximum Password Age .99999\]: " +send "\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "\r" +expect -re "Password Expiration Warning .7\]: " +send "\r" +expect -re "Password Inactive .-1\]: " +send "9a\r" +#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +#send "0\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/37_chage_interractive-I_invalid2/chage.test b/tests/chage/37_chage_interractive-I_invalid2/chage.test new file mode 100755 index 0000000..fc4dd9d --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage interractive session checks field validity" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/37_chage_interractive-I_invalid2/config.txt b/tests/chage/37_chage_interractive-I_invalid2/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/37_chage_interractive-I_invalid2/config/etc/group b/tests/chage/37_chage_interractive-I_invalid2/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/37_chage_interractive-I_invalid2/config/etc/gshadow b/tests/chage/37_chage_interractive-I_invalid2/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/37_chage_interractive-I_invalid2/config/etc/login.defs b/tests/chage/37_chage_interractive-I_invalid2/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/37_chage_interractive-I_invalid2/config/etc/passwd b/tests/chage/37_chage_interractive-I_invalid2/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/37_chage_interractive-I_invalid2/config/etc/shadow b/tests/chage/37_chage_interractive-I_invalid2/config/etc/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/37_chage_interractive-I_invalid2/run.exp b/tests/chage/37_chage_interractive-I_invalid2/run.exp new file mode 100755 index 0000000..b059117 --- /dev/null +++ b/tests/chage/37_chage_interractive-I_invalid2/run.exp @@ -0,0 +1,32 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "\r" +expect -re "Maximum Password Age .99999\]: " +send "\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "\r" +expect -re "Password Expiration Warning .7\]: " +send "\r" +expect -re "Password Inactive .-1\]: " +send -- "-2\r" +#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +#send "0\r" +expect "chage: error changing fields\r\n" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/38_chage_interractive-I-1/chage.test b/tests/chage/38_chage_interractive-I-1/chage.test new file mode 100755 index 0000000..01f957f --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/38_chage_interractive-I-1/config.txt b/tests/chage/38_chage_interractive-I-1/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/38_chage_interractive-I-1/config/etc/group b/tests/chage/38_chage_interractive-I-1/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/38_chage_interractive-I-1/config/etc/gshadow b/tests/chage/38_chage_interractive-I-1/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/38_chage_interractive-I-1/config/etc/login.defs b/tests/chage/38_chage_interractive-I-1/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/38_chage_interractive-I-1/config/etc/passwd b/tests/chage/38_chage_interractive-I-1/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/38_chage_interractive-I-1/config/etc/shadow b/tests/chage/38_chage_interractive-I-1/config/etc/shadow new file mode 100644 index 0000000..922d955 --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:3:: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/38_chage_interractive-I-1/data/shadow b/tests/chage/38_chage_interractive-I-1/data/shadow new file mode 100644 index 0000000..da4c2bc --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/38_chage_interractive-I-1/run.exp b/tests/chage/38_chage_interractive-I-1/run.exp new file mode 100755 index 0000000..94eb463 --- /dev/null +++ b/tests/chage/38_chage_interractive-I-1/run.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "\r" +expect -re "Maximum Password Age .99999\]: " +send "\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: " +send "\r" +expect -re "Password Expiration Warning .7\]: " +send "\r" +expect -re "Password Inactive .3\]: " +send -- "-1\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send "\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + diff --git a/tests/chage/39_chage_interractive-d-1/chage.test b/tests/chage/39_chage_interractive-d-1/chage.test new file mode 100755 index 0000000..01f957f --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/chage.test @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "chage creates a shadow entry if there were none" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "chage interractive session as myuser1..." +./run.exp +echo "OK" + +echo -n "Check the passwd file..." +../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/chage/39_chage_interractive-d-1/config.txt b/tests/chage/39_chage_interractive-d-1/config.txt new file mode 100644 index 0000000..e9e4bbe --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/config.txt @@ -0,0 +1 @@ +group foo, GID 1000 diff --git a/tests/chage/39_chage_interractive-d-1/config/etc/group b/tests/chage/39_chage_interractive-d-1/config/etc/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/chage/39_chage_interractive-d-1/config/etc/gshadow b/tests/chage/39_chage_interractive-d-1/config/etc/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/chage/39_chage_interractive-d-1/config/etc/login.defs b/tests/chage/39_chage_interractive-d-1/config/etc/login.defs new file mode 100644 index 0000000..84fb3cc --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/config/etc/login.defs @@ -0,0 +1,315 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK usage is discouraged because it catches only some classes of user +# entries to system, in fact only those made through login(1), while setting +# umask in shell rc file will catch also logins through su, cron, ssh etc. +# +# At the same time, using shell rc to set umask won't catch entries which use +# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp" +# user and alike. +# +# Therefore the use of pam_umask is recommended (Debian package libpam-umask) +# as the solution which catches all these cases on PAM-enabled systems. +# +# This avoids the confusion created by having the umask set +# in two different places -- in login.defs and shell rc files (i.e. +# /etc/profile). +# +# For discussion, see #314539 and #248150 as well as the thread starting at +# http://lists.debian.org/debian-devel/2005/06/msg01598.html +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +# 022 is the "historical" value in Debian for UMASK when it was used +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +#UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# This enables userdel to remove user groups if no members exist. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, thus in Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is used by chpasswd, gpasswd and newusers. +# +#MD5_CRYPT_ENAB no + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/tests/chage/39_chage_interractive-d-1/config/etc/passwd b/tests/chage/39_chage_interractive-d-1/config/etc/passwd new file mode 100644 index 0000000..5d27e12 --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/config/etc/passwd @@ -0,0 +1,26 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +myuser1:x:424242:424242::/home:/bin/bash +myuser2:x:424243:424242::/home:/bin/bash +myuser3:x:424244:424242::/home:/bin/bash +myuser4:x:424245:424242::/home:/bin/bash +myuser5:x:424246:424242::/home:/bin/bash +myuser6:x:424247:424242::/home:/bin/bash +myuser7:x:424248:424242::/home:/bin/bash diff --git a/tests/chage/39_chage_interractive-d-1/config/etc/shadow b/tests/chage/39_chage_interractive-d-1/config/etc/shadow new file mode 100644 index 0000000..a1afc12 --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/config/etc/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:3:: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/39_chage_interractive-d-1/data/shadow b/tests/chage/39_chage_interractive-d-1/data/shadow new file mode 100644 index 0000000..a1afc12 --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/data/shadow @@ -0,0 +1,26 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:3:: +myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5::: +myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0: +myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1: +myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0:: +myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: +myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1:: diff --git a/tests/chage/39_chage_interractive-d-1/run.exp b/tests/chage/39_chage_interractive-d-1/run.exp new file mode 100755 index 0000000..362436b --- /dev/null +++ b/tests/chage/39_chage_interractive-d-1/run.exp @@ -0,0 +1,31 @@ +#!/usr/bin/expect + +set timeout 5 + +# I've not been able to put the opening bracket in the regular expressions +# If anyone knows... + +spawn /usr/bin/chage myuser1 +expect -re "Minimum Password Age .0\]: " +send "\r" +expect -re "Maximum Password Age .99999\]: " +send "\r" +expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .-1\]: " +send -- "-1\r" +expect -re "Password Expiration Warning .7\]: " +send "\r" +expect -re "Password Inactive .3\]: " +send "\r" +expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: " +send "\r" +expect { + eof { + } default { + puts "\nFAIL" + exit 1 + } +} + +puts "\nPASS" +exit 0 + |